Logservice
margo@caption:~$ ps -auxww | grep -i server.go
root 1050 0.0 0.0 2892 956 ? Ss 08:12 0:00 /bin/sh -c cd /root;/usr/local/go/bin/go run server.go
root 1051 0.0 0.4 1240804 17632 ? Sl 08:12 0:01 /usr/local/go/bin/go run server.go
It would appear that the Logservice that was seen in the GitBucket repository is running on the target system with the privileges of the root user.
Checking the source code of the server application reveals a critical vulnerability.
The logs variable is passed directly to the exec.Command function without any input sanitization.
This would mean that code execution is achievable if I could control the logs variable, for example through the userAgent variable.
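The pattern described above, next to a hardened form, as an added example that is not the Logservice source. The function names, the log format and the use of /bin/sh -c are assumptions, and the header value is a constructed sample carrying a harmless marker.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// logViaShell reproduces the risky pattern (assumed shape, not the target's
// code): a request header is formatted into a string that /bin/sh parses.
func logViaShell(userAgent string) (string, error) {
	logs := fmt.Sprintf("echo 'User-Agent: %s'", userAgent)
	out, err := exec.Command("/bin/sh", "-c", logs).Output()
	return string(out), err
}

// logDirect is the hardened form: no shell and no child process. The header
// is only ever data, and control characters are dropped to stop log forging.
func logDirect(path, userAgent string) error {
	clean := strings.Map(func(r rune) rune {
		if r < 0x20 || r == 0x7f {
			return -1
		}
		return r
	}, userAgent)
	f, err := os.OpenFile(path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o600)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = fmt.Fprintf(f, "User-Agent: %s\n", clean)
	return err
}

// constructedUA is a constructed sample value with a harmless marker command.
const constructedUA = "x'; echo INJECTED; echo '"

func main() {
	out, _ := logViaShell(constructedUA)
	fmt.Printf("shell pattern output: %q\n", out)
	path := os.TempDir() + "/logservice-demo.log"
	defer os.Remove(path)
	if err := logDirect(path, constructedUA); err != nil {
		panic(err)
	}
	data, _ := os.ReadFile(path)
	fmt.Printf("direct write stored: %q\n", data)
}
```

In the shell pattern the marker runs as its own command, while the direct write stores the same bytes as one literal log line. A service that only appends log lines also has no need to run as root.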
The server application is running on the target port 9090.
Moving on to the Privilege Escalation phase